Where the list member is a service provider who intends to take
+disruptive action such as rebooting as part of deploying a fix: the
+list member's communications to its users about the service disruption
+may mention that the disruption is to correct a security issue, and
+relate it to the public information about the issue (as listed above).
+This applies whether the deployment occurs during the embargo (with
+permission - see above) or is planned for after the end of the
+embargo.

NOTE: Prior v2.2 of this policy (25 June 2014) it was
permitted to also make available the allocated CVE number. This is no
longer permitted in accordance with MITRE policy.